Tech Fixes: How to Create a SPAM filter in Office 365

Log in to your Office 365 with an account that has the necessary administrative credentials.

After logging in, click the Admin dropdown in the upper right corner and select Exchange. (See Fig. 1 below).

Fig 1. – Admin Dropdown

Select mail flow from the left hand column as shown in Fig. 2.

Fig. 2 Mail Flow Admin

in the resulting screen, shown in Fig. 3 ensure that rules is highlighted fromt he options across the top of the admin center. Click the "+" and select "Bypass spam filtering" from the resulting drop down.

Fig 3. – Bypass Spam Filtering

A new rule window (shown in Fig. 4) will pop-up. Specify a name for your rule. As shown below, I am using the generic name “Spam Whitelist” since I envision using this list to allow delivery from multiple different domains eventually.

In the Apply this rule if… dropdown, select “The sender…” which will cascade further selection options. From that resulting menu, select domain is. (The example that I’m outlining here is to whitelist an entire domain, but take note of the other options available in this menu if you’d prefer to do a different or more granular type of whitelisting).

Fig 4. – New Rule

The specify domain box will present itself as shown in Fig. 5. In that window, type the domain you wish to whitelist and then click the “+” sign. (You can add multiple domains to this list if you wish.)

At this point, you are done. You can simply click save and the whitelisting rule will go into effect.

If you wish, you can review how the rule is modifying the message properties to bypass the spam filter, however since “bypass spam filtering” was already specified earlier (Fig. 3), the specific configurations required to bypass filtering are already complete.

For the curious, Figs. 7 and 8 below show the details of this spam bypass policy.

Fig 7 - Set SPL

Fig 8 – Bypass Spam Filtering

Fig. 9 shows the completed rule in its final/enabled state in the Exchange admin center. Simply return to this part of the console to adjust this ruleset, disable/enable it, or build other similar rules if you need some sort of customized email routing.

Fig 9. – Completed Rule

While the process to implement a spam whitelist inside of Office 365 has somewhat changed in the last year, the learning curve should be relatively minimal since the underlying technology is still familiar. This consolidated administration console is a nice step in the right direction in terms of centralizing all of the administration for its cloud platforms, and I’ll continue posting guides like this one as I uncover common admin tasks that have been slightly adjusted.